Embperl - building dynamic websites with Perl


Escaping/Unescaping



Input: unescaping

Embperl is able to unescape the source it reads. That is useful when you use a high-level HTML editor, which might add unwanted HTML tags like <BR> into your Perl code.

This feature is off by default in Embperl 2.0 and can be turned on with the configuration directive EMBPERL_INPUT_ESCMODE.

When turned on, Embperl will:

- convert HTML escapes to characters (e.g. &lt; to <)
- remove HTML tags from Perl code (e.g. <br> inserted by a high-level editor)



Output: escaping

It's very important to escape your HTML output correctly to avoid security problems like cross-site scripting. Therefore Embperl escapes all output that comes from Perl. This escaping is context-sensitive and uses HTML or URL escaping, depending on the context. It's also possible to use XML escaping.

The output escaping can be configured with the configuration directive EMBPERL_ESCMODE, or changed at any time inside any page by setting $escmode.
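
The context-sensitive escaping described above, as an added example rather than Embperl's own code: a simplified standalone Perl model that applies HTML escaping in a text context and URL escaping in a URL context. The helper names (escape_html, escape_url, escape_for), the context labels 'text' and 'url', and the sample input are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration: a simplified model of context-sensitive output
# escaping. It is not Embperl's implementation.
use strict;
use warnings;

# HTML escaping: neutralise the characters that can open a tag, start
# an entity, or break out of a quoted attribute value.
my %HTML_ENTITY = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                   '"' => '&quot;', "'" => '&#39;');

sub escape_html {
    my ($text) = @_;
    $text =~ s/([&<>"'])/$HTML_ENTITY{$1}/g;
    return $text;
}

# URL escaping: percent-encode every byte outside the RFC 3986
# unreserved set, so the value stays a single query-string component.
sub escape_url {
    my ($text) = @_;
    utf8::encode($text) if utf8::is_utf8($text);
    $text =~ s/([^A-Za-z0-9\-._~])/sprintf('%%%02X', ord($1))/ge;
    return $text;
}

# Choose the escaping from the output context (hypothetical labels).
sub escape_for {
    my ($context, $value) = @_;
    return escape_url($value)  if $context eq 'url';
    return escape_html($value) if $context eq 'text';
    die "unknown output context '$context'\n";
}

# Constructed sample input, as it might arrive from a form field.
my $query = q{cats & dogs"><script>alert(1)</script>};

# The same value is URL-escaped inside the href and HTML-escaped where
# it appears as visible text.
printf qq{<a href="/search?q=%s">Results for %s</a>\n},
    escape_for(url  => $query),
    escape_for(text => $query);

# Mismatch: HTML escaping alone inside a URL. The browser decodes
# &amp; back to '&' before following the link, so everything after
# "cats " is parsed as a separate query parameter.
printf "HTML-escaped value used in a URL: /search?q=%s\n",
    escape_html($query);
```

The first line of output shows the value rendered safely in both contexts; the second shows why one escaping mode cannot serve every context.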




© 1997-2023 Gerald Richter / actevy